One of the limitations of various versions of the Internet Protocol (IP), such as IPv4, is that the number of available addresses is limited. Consequently, in order to conserve addresses, enterprises and other administrative domains have resorted to using private addresses. Private addresses typically are network addresses in which the IP address falls within one of the ranges 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, or 192.168.0.0-192.168.255.255.
Private addresses that are assigned by an administrative entity within a private network only have relevance within the respective private network. Accordingly, such private addresses are typically not visible or allowed outside the private network. An advantage of using private addresses, however, is that different private networks may assign the same private IP address to hosts within their respective private networks without any concern of conflict. A Network Address Translator (NAT), which can also function as a Network Address Port Translator (NAPT), can be used when a host that is assigned a private address within a private network intends to send an IP datagram to a host that is outside the private network of the sending host. A NAT transforms a private IP address (and possibly other selected fields within the datagram) into a public IP address prior to the IP datagram being sent outside the private network associated with the NAT. With the added functionality of the NAPT, the NAT can further transform ports, such as Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) ports, from the private network to the public network. Similarly, when an IP datagram is sent from a host that is outside the administrative domain associated with the NAT to a host with a private address, the NAT transforms a public IP address to a private IP address and, with the added NAPT functionality, a port in the public network to a port in the private network.
In addition to providing address and port translations, the NAT can communicate with a firewall and/or gateway that operates as a security mechanism for an associated private network. In this regard, the firewall/gateway can provide security by qualifying incoming datagrams before they pass through the translation process of the NAT and/or qualifying outgoing datagrams after they pass through the translation process of the NAT. In addition, by translating private IP addresses into public IP addresses, the NAT can provide a measure of privacy for those associated with the private IP addresses. An application level gateway (ALG) is a program running on a firewall, or in cooperation with a firewall as part of a network address translator (NAT), to perform network address translation. An ALG typically understands the application protocol, so it can support not only IP and/or TCP but also UDP-based protocols such as TFTP. When combined with a NAT that translates IP and TCP addressing, an ALG provides a higher level of security by translating the addressing carried in higher-level protocols.
The use of private addresses within a private network and use of a NAT at the edge of a private network has been widely adopted and deployed within enterprises. There are, however, drawbacks associated with use of a NAT. In this regard, consider a private network comprising, connected to or otherwise associated with a mobile network, such as a General Packet Radio Service (GPRS) network. In such instances, a terminating node, such as a mobile terminal, communicating across the mobile network can generally initiate a communication session, such as in accordance with the Session Initiation Protocol (SIP), with an IP device across the NAT. An IP device typically cannot, however, initiate a similar SIP communication session with the terminating node across the NAT. In addition, because terminating nodes typically lack a static and public identity like a fixed IP-address, IP devices often cannot identify a desired terminating node to the NAT.
Additionally, the function of NAT is to modify the IP address, and possibly also the port number, for outgoing source and incoming destination datagrams. Similarly, ALG modifies corresponding IP addresses and port numbers in application protocols of upper layers such as SIP. The modifications typically prevent upper layer application protocols such as SIP from operating properly or even passing through a NAT or firewall (NAT/FW).
These typical configurations of mobile networks prevent an IP device from initiating an SIP communication session with a respective terminating node for a number of reasons. For example, if an upper layer protocol such as SIP uses layer 3 information such as an IP address, the upper layer may not function properly if that information is changed only in layer 3, or even if it is changed in all the layers.
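The translation mechanics described above, and the reason a layer-3-only translation breaks SIP, can be made concrete with a small simulation. The following Python example is added here as an illustration and is not part of the original text or of any product it describes. A toy NAPT keeps a binding table, admits inbound datagrams only when a binding exists (so a public-side INVITE to a terminating node is dropped), and a SIP-aware ALG step patches the Contact header that NAPT alone leaves pointing at the private address. All addresses, ports, the INVITE message, and the class and function names (Napt, alg_rewrite_contact, and the scenario functions) are constructed for the example; the private ranges are the three listed in the text.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple

# The three private ranges listed in the text, as CIDR blocks.
PRIVATE_RANGES = [ip_network("10.0.0.0/8"),
                  ip_network("172.16.0.0/12"),
                  ip_network("192.168.0.0/16")]

# Constructed addresses: mobile terminal behind the NAT, the NAT's single public
# address, and a SIP peer on the public side (documentation ranges, not real hosts).
PRIVATE_HOST = ("10.1.2.3", 5060)
PUBLIC_NAT = "198.51.100.1"
PUBLIC_PEER = ("203.0.113.10", 5060)

# Constructed SIP INVITE whose Contact header carries the private address.
INVITE = ("INVITE sip:bob@203.0.113.10 SIP/2.0\r\n"
          "Contact: <sip:alice@10.1.2.3:5060>\r\n"
          "\r\n")
CONTACT_RE = re.compile(r"(Contact: <sip:[^@>]*@)(\d+\.\d+\.\d+\.\d+):(\d+)>")


def is_private(ip: str) -> bool:
    """True if ip falls within one of the three private ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in PRIVATE_RANGES)


@dataclass
class Datagram:
    """Just enough of an IP/UDP datagram to show what NAPT and an ALG touch."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class Napt:
    """Hypothetical NAPT with one public address. Outbound traffic creates a binding
    (private ip, private port) -> public port; inbound traffic is admitted only when
    its destination port matches a binding. That state is why the public side
    cannot open a session toward the private host."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = first_port
        self._out: Dict[Tuple[str, int], int] = {}
        self._in: Dict[int, Tuple[str, int]] = {}

    def outbound(self, d: Datagram) -> Datagram:
        """Private -> public: rewrite source address and port (layers 3/4 only)."""
        key = (d.src_ip, d.src_port)
        if key not in self._out:
            self._out[key] = self._next_port
            self._in[self._next_port] = key
            self._next_port += 1
        return Datagram(self.public_ip, self._out[key], d.dst_ip, d.dst_port, d.payload)

    def inbound(self, d: Datagram) -> Optional[Datagram]:
        """Public -> private: reverse the binding, or drop when none exists."""
        key = self._in.get(d.dst_port)
        if d.dst_ip != self.public_ip or key is None:
            return None
        priv_ip, priv_port = key
        return Datagram(d.src_ip, d.src_port, priv_ip, priv_port, d.payload)


def contact_address(payload: str) -> Optional[Tuple[str, int]]:
    """Address the remote SIP peer would try to reach, read from the Contact header."""
    m = CONTACT_RE.search(payload)
    return (m.group(2), int(m.group(3))) if m else None


def alg_rewrite_contact(d: Datagram, priv: Tuple[str, int], pub: Tuple[str, int]) -> Datagram:
    """What a SIP-aware ALG adds on top of NAPT: patch the Contact header so the
    peer learns the public binding rather than the unreachable private address."""
    def repl(m):
        if m.group(2) == priv[0] and int(m.group(3)) == priv[1]:
            return f"{m.group(1)}{pub[0]}:{pub[1]}>"
        return m.group(0)
    return Datagram(d.src_ip, d.src_port, d.dst_ip, d.dst_port, CONTACT_RE.sub(repl, d.payload))


def private_initiates() -> Optional[Datagram]:
    """Terminal sends the INVITE first; the peer's 200 OK re-enters via the binding."""
    nat = Napt(PUBLIC_NAT)
    out = nat.outbound(Datagram(*PRIVATE_HOST, *PUBLIC_PEER, INVITE))
    reply = Datagram(*PUBLIC_PEER, out.src_ip, out.src_port, "SIP/2.0 200 OK\r\n\r\n")
    return nat.inbound(reply)


def public_initiates() -> Optional[Datagram]:
    """Peer sends an INVITE first: no binding exists, so the NAPT drops it (None)."""
    return Napt(PUBLIC_NAT).inbound(Datagram(*PUBLIC_PEER, PUBLIC_NAT, 5060, INVITE))


def layer3_only_contact() -> Optional[Tuple[str, int]]:
    """NAPT alone: the IP header is public but Contact still names the private host."""
    out = Napt(PUBLIC_NAT).outbound(Datagram(*PRIVATE_HOST, *PUBLIC_PEER, INVITE))
    return contact_address(out.payload)


def alg_contact() -> Optional[Tuple[str, int]]:
    """NAPT plus ALG: Contact now names the public binding the peer can reach."""
    out = Napt(PUBLIC_NAT).outbound(Datagram(*PRIVATE_HOST, *PUBLIC_PEER, INVITE))
    fixed = alg_rewrite_contact(out, PRIVATE_HOST, (out.src_ip, out.src_port))
    return contact_address(fixed.payload)
```

The two failure modes from the text show up directly: public_initiates() returns None because the NAPT has no binding for an unsolicited datagram, and layer3_only_contact() still reports the 10.1.2.3 address, which a public peer cannot route to, until the ALG step in alg_contact() rewrites it. The simulation deliberately omits binding timeouts and SDP media-port rewriting, both of which a real SIP ALG must also handle.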
To overcome the communication interference caused by the NAT, ALG, and firewall, and thereby permit IP devices to initiate an SIP communication session with a terminating node, networks can be configured such that each terminating node has a unique, fixed IP address, where those addresses are entered into a respective Domain Name System (DNS) server. The NAT and any security components (e.g., firewall/gateway, etc.) of the network can also be configured to allow an IP device to initiate an SIP communication session with a terminating node and to allow routing of traffic to and from the IP address allocated to the terminating node. In addition, for example, network resources required for IP connectivity with each terminating node in the network can be allocated when the terminating node is connected to the network. For example, a bi-directional communication connection can be established, such as a TCP connection out through the firewall to an SIP server. Other solutions include Simple Traversal of UDP through NAT (STUN), running SIP over port 80, using an application layer firewall/NAT configuration that understands SIP, and using a packet filtering firewall/NAT under the control of a proxy server.
Such network-specific configuration techniques for permitting IP devices to initiate an SIP communication session with a terminating node require additional functionality. Thus, it would be desirable to design a system capable of permitting IP devices to initiate an SIP communication session with a terminating node in a mobile or private network that avoids the problems with NAT, ALG, and firewall/gateway limitations.